ISO27001 and loss of data

Once again there have been cases where sensitive
data has been left on trains or in restaurants, and in most of these cases the
data was on laptops or memory devices. The sheer volume of data loss is reaching epidemic
proportions.
ISO27001 is a good system to have in place but it must be enforced
vigorously, otherwise it is just too easy to allow data to be lost or removed.
The prime method for theft of data remains the USB stick, which seems to be
the method of choice for those wishing to steal data from systems.
There are several things you can do to protect your data:
- Set up computers and laptops to exclude USB devices and CD/DVD writers. It may seem harsh for laptop users not to be able to use the USB port for anything apart from a mouse, but if the data you hold is sensitive then this level of protection is justifiable.
- Use Group Policy to prevent the export of data by email or other attachment.
- Enforce the encryption policy to make sure that any data stored on a laptop is secure; password protection alone is not enough.
- You could also set up your laptop systems to be 'thin client', that is to have all data stored on a server and using the laptop to connect to the server. No data can be stored on the laptop, so the laptop cannot be compromised.
- And finally, ensure that paper documents are protectively marked if they are sensitive, and enforce security protocols for restricted, confidential and secret documents.
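Enforcement of the removable-media and encryption items above can be checked on each laptop rather than assumed. The following read-only PowerShell audit is an added example, not part of the original article; it assumes a Windows laptop where the Group Policy "Removable Storage Access" settings and BitLocker are the controls in use, and it must be run from an elevated prompt.

```powershell
# Added audit example (not from the article). Read-only: it changes nothing.
# Assumption: Group Policy removable-storage settings and BitLocker are the
# controls in use; other products need their own checks.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$diskClass  = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # removable disks
$cdDvdClass = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'   # CD and DVD drives

# USB mass-storage driver: Start = 4 means disabled. Mice use HID, not USBSTOR.
$usbStart = Get-PolicyValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
$denyAll  = Get-PolicyValue $policyRoot 'Deny_All'
$denyDisk = Get-PolicyValue "$policyRoot\$diskClass" 'Deny_Write'
$denyCd   = Get-PolicyValue "$policyRoot\$cdDvdClass" 'Deny_Write'

# BitLocker state of every volume the cmdlet reports (empty if unavailable).
try   { $volumes = @(Get-BitLockerVolume -ErrorAction Stop) }
catch { $volumes = @() }
$unprotected = @($volumes | Where-Object {
    $_.VolumeStatus -ne 'FullyEncrypted' -or $_.ProtectionStatus -ne 'On'
})

$results = @(
    [pscustomobject]@{
        Control = 'USB storage blocked'
        Pass    = (($usbStart -eq 4) -or ($denyAll -eq 1) -or ($denyDisk -eq 1))
        Detail  = "USBSTOR Start=$usbStart; Deny_All=$denyAll; disk Deny_Write=$denyDisk"
    }
    [pscustomobject]@{
        Control = 'CD/DVD writing blocked'
        Pass    = (($denyAll -eq 1) -or ($denyCd -eq 1))
        Detail  = "Deny_All=$denyAll; CD/DVD Deny_Write=$denyCd"
    }
    [pscustomobject]@{
        Control = 'Disk encryption on'
        Pass    = (($volumes.Count -gt 0) -and ($unprotected.Count -eq 0))
        Detail  = "volumes=$($volumes.Count); not fully protected: " +
                  (($unprotected | ForEach-Object MountPoint) -join ', ')
    }
)

$results | Format-Table -AutoSize -Wrap
```

A `Pass` of `False` means the control is either not configured or configured through a mechanism this script does not inspect, so follow up on each failure before treating it as a finding.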
Let us all make sure that 2010 is not going to be a year when we lose data.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy based in Essex, UK, which specialises in ISO27001 Information Security Management consultancy.